Exploited vulnerability in Interent Explorer

[Cahya Legawa]

So how about the Gazelle - the next version of IE, anyone heard it again?

[Hermite15]

So how about the Gazelle - the next version of IE, anyone heard it again?

yeah I was thinking about it earlier today after all the fuss around IE, so no, I haven't heard anything new about Gazelle for a while...months...

edit: btw it's a not a new/next version of IE, it's something completely different, just a project so far, but supposed to be more like a web oriented OS (Windows still needed  ) than a simple browser, so with web apps everywhere and sandboxing etc...well IIRC  ...
more here: http://research.microsoft.com/pubs/79655/gazelle.pdf

[Marc57]

This will be patched tomorrow.

http://blogs.zdnet.com/security/?p=5298&tag=nl.e589

[polonus]

Howdy malware fighters,

There is now an new Aurora IE-Exploit POC that will succesfully circumvent DEP and works on IE8 - the French Vupen exploit:
http://www.vupen.com/exploits/Microsoft_Internet_Explorer_Use_after_free_Code_Execution_Exploit_MS_979352_0135286.php
It is only available for security vendors at the moment, but the exploits will be soon floating around  on the Internet, the present explots are circulating through subdomains 3322.org and 8866.org ie.html files redirecting to a jpg with part of the exploitcode. It places down.css and  log.css malware on the system that is to download other malware, the tip of the iceberg, folks, list of domain names used here:
http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
Time for the patch....

pol

P.S. free tool for the Aurora malware: http://download.nai.com/products/mcafee-avert/aurora_stinger.exe

[Hermite15]

There is now an new Aurora IE-Exploit POC that will succesfully circumvent DEP and works on IE8

das auch noch  Balmer must be crying 

[polonus]

Hi Logos,

The patch will be launched Thursday 10.00 o'clock Seattle time:

http://www.theregister.co.uk/2010/01/20/microsoft_emergency_ie_update/

polonus

[Hermite15]

Hi Logos,

The patch will be launched Thursday 10.00 o'clock Seattle time:

http://www.theregister.co.uk/2010/01/20/microsoft_emergency_ie_update/

polonus

Hello,
yeah I saw, but I removed IE from Win7 (see my last post in the China thread)

[Hermite15]

just found  
Opera and Firefox downloads soar after IE alerts
http://www.theregister.co.uk/2010/01/20/opera_and_mozilla_download_uptick_post_ie_warnings/

After Microsoft confirmed that a hole in its Internet Explorer browser was used in the December cyber attacks on Google and at least 33 other outfits, a trio of security-conscious nations - Germany, France, and Australia - went so far as to warn their citizens against the use of IE. And that led to a very good week for the likes of Opera and Mozilla.

Following an IE warning from the German government, Opera saw German downloads of its desktop browser more than double. And in Australia, where a similar warning was issued, its downloads leaped 37 per cent.

Meanwhile, Mozilla saw a "statistically significant rise" in the number of downloads originating from both Germany and France, the third nation to warn against the use of IE. In the chart below - supplied by Mozilla - the orange area shows an estimated 300,000 extra downloads in Germany over the past four days:

they don't mention Chrome...I read a few times Chrome's devs were disappointed by the rate of adoption so far...

oh yes, here:

According to a Mozilla spokeswoman, the outfit has also seen an uptick in website traffic from France, but she says the added traffic will take another day to two to register with the outfit's download stats. An Opera spokesman tells us that unlike Mozilla, his company has not seen a significant download uptick from the French.

Google declined to provide recent Chrome download stats for such countries, suggesting we check with third-party research firms at the end of the month

true Firefox is extremely popular in France  

see here too:
http://blog.mozilla.com/metrics/2010/01/19/people-in-germany-are-switching-browsers/

[Chris Thomas]

The IE vulnerability has been fixed

Just do a Windows Update

http://news.bbc.co.uk/2/hi/technology/8469632.stm

[carbonize]

I read a few times Chrome's devs were disappointed by the rate of adoption so far...

What did they expect? That everyone would suddenly switch to it just because they bombard you with ads for it and they install it with all their other products without actually asking you if you want it first?

They should be grateful that they seems to have more users than Opera and Opera's over 10 years old.

[Hermite15]

they seems to have more users than Opera and Opera's over 10 years old

... I mentioned this somewhere not long ago, I think on Opera forums, or may be here  ... but yeah, they expected too much too quickly. That's Google... I suspect some of them from dreaming about ruling the Internet 

[polonus]

Hi Logos,

We are all entitled to our dreams, if they turn their browser into the OS of choice everybody would be in their cloud, and we only needed a screen and a keyboard. No-one has to worry about their data, these were in the cloud and available. No need for a re-install and you only had to learn to right click, left click and click away. Computer and ISP in the Google cloud. These clouds for them would be golden-rimmed.
Maybe I am foreseeing the future that is nearer than we all may think,

polonus

[Hermite15]

OK fine, this may well happen...progressively but I'm one of those who prefer their computer to the cloud  

[mkis]

Patch arrives for IE hole targeted by Chinese - Windows Secrets

http://windowssecrets.com/comp/100121#story1

[Hermite15]

Emergency IE patch goes live as exploits proliferate
'Hundreds of sites' locked and loaded

http://www.theregister.co.uk/2010/01/21/ie_emergency_patch_released/